Lucene search
K

1142 matches found

Nuclei
Nuclei
added 12 hours ago70 views

Vue Vben Admin - Default Credentials

Vue Vben Admin 2.10.1 contains a broken authentication caused by hardcoded credentials in the backend, letting attackers log in without proper authorization, exploit requires access to the login interface. id: CVE-2025-25570 info: name: Vue Vben Admin - Default Credentials author: 0xAkoko severit...

9.8CVSS7.1AI score0.01999EPSS
Exploits0References2
Cvelist
Cvelist
added last week31 views

CVE-2026-55647 DataEase: authenticated stored XSS in the dashboard text components

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...

5.1CVSS0.00269EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56253

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description Dashboard text components render stored content using Vue v-html without server-side HTML sanitization. This allows an authenticated user with permissions to edit dashboard component data to injec...

5.1CVSS6.2AI score0.00269EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:44 p.m.8 views

CVE-2026-59102

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS6AI score0.00199EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 12:0 a.m.5 views

MAL-2026-6768 Malicious code in @marketfront/blenderdevtool (npm)

The @marketfront/blenderdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6AI score
Exploits0References2
OSV
OSV
added 2026/07/02 12:0 a.m.6 views

MAL-2026-6765 Malicious code in @marketfront/bannerpopup (npm)

The @marketfront/bannerpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/02 12:0 a.m.3 views

MAL-2026-6766 Malicious code in @marketfront/baobabtech (npm)

The @marketfront/baobabtech package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
NVD
NVD
added 2026/07/01 3:17 p.m.7 views

CVE-2026-58035

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue...

4.8CVSS0.00142EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 3:17 p.m.3 views

UBUNTU-CVE-2026-58035

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:17 p.m.6 views

CVE-2026-58035

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue...

5.8AI score0.00142EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/01 2:17 p.m.6 views

CVE-2026-58035

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue...

4.8CVSS5.8AI score0.00142EPSS
Exploits0
EUVD
EUVD
added 2026/07/01 2:17 p.m.9 views

EUVD-2026-41009

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue...

5.8AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:17 p.m.19 views

CVE-2026-58035

CVE-2026-58035 : In Wikimedia Foundation MediaWiki, the vulnerability is an improper neutralization of input during web page generation (XSS) tied to the file resources/src/mediawiki.Special.Block/SpecialBlock.Vue. The available sources confirm a cross-site scripting risk but do not provide concr...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54904

Name of the Vulnerable Software and Affected Versions MediaWiki affected versions not specified Description An issue exists involving improper neutralization of input during web page generation, leading to Cross-site Scripting XSS, where malicious scripts are injected into trusted websites. This...

4.8CVSS6.1AI score0.00142EPSS
Exploits0References7
NVD
NVD
added 2026/06/30 5:16 p.m.11 views

CVE-2026-58176

RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task FlwTaskController without any permission check: the controller declares no class-level or method-level authorization annotation, so the endpoints are gated only by global...

7.1CVSS0.00264EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:56 p.m.7 views

CVE-2026-58176

RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task FlwTaskController without any permission check: the controller declares no class-level or method-level authorization annotation, so the endpoints are gated only by global...

7.1CVSS5.9AI score0.00264EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 3:56 p.m.15 views

CVE-2026-58176

CVE-2026-58176 affects RuoYi-Vue-Plus up to version 5.6.2. The FlwTaskController’s /workflow/task endpoints lacked any class- or method-level authorization, leaving task management actions (updateAssignee, urging tasks, and listing with pageByAllTaskWait/pageByAllTaskFinish) gated only by global ...

7.1CVSS5.9AI score0.00264EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 10:41 a.m.9 views

Malicious code in vue-demi-fix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bf683b6e8715fecd451a06da256d90048054cbe463da64e43c1a8db4226b661 vue-demi-fix is a name-confusion package against the widely used vue-demi library. package.json declares both preinstall and postinstall lifecycle...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/30 10:41 a.m.3 views

MAL-2026-6702 Malicious code in vue-demi-fix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bf683b6e8715fecd451a06da256d90048054cbe463da64e43c1a8db4226b661 vue-demi-fix is a name-confusion package against the widely used vue-demi library. package.json declares both preinstall and postinstall lifecycle...

5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53926

Name of the Vulnerable Software and Affected Versions RuoYi-Vue-Plus versions prior to 5.6.3 Description The software exposes workflow task management endpoints under '/workflow/task' FlwTaskController without proper permission checks. Because the controller lacks class-level or method-level...

7.1CVSS6AI score0.00264EPSS
Exploits0References8
Rows per page
Query Builder